Findings (validated by xAI Grok security review)
shell_exec/exec with dynamic inputs (HIGH)
flowview_devices.php:893,897,901: shell_exec with $safe_port in netstat/ss commands
flowview_bulkarin.php:127: exec with whois queries (partially escaped)
functions.php:5820: exec with wget command
functions.php:6558: shell_exec with flow_export binary
Most paths use escapeshellarg() but some concatenate variables into shell pipeline strings.
Recommended fixes
Audit each exec path for complete escaping. Replace shell pipelines with direct PHP operations where possible.
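One way to apply the second recommendation to a port check, as an added example that is not code from flowview_devices.php: the function names and the `ss -lun` invocation are assumptions, since the original commands are not shown here. The port is validated as an integer, `ss` is started without a shell (array form of proc_open(), PHP 7.4+), and the filtering a grep/awk pipeline would do happens in PHP.

```php
<?php
// Added example. validate_port(), list_udp_listeners() and port_in_listing()
// are hypothetical helpers, not functions from the plugin.

/** Accept only an integer in 1..65535; anything else yields null. */
function validate_port($value): ?int {
    $port = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    return $port === false ? null : $port;
}

/** Run `ss -lun` directly. The array form bypasses /bin/sh, so nothing
 *  in the argument list is ever parsed for shell metacharacters. */
function list_udp_listeners(): string {
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ss', '-lun'], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('ss could not be started');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

/** Do in PHP what "| grep :PORT" would do in a pipeline. */
function port_in_listing(string $listing, int $port): bool {
    foreach (preg_split('/\R/', $listing) as $line) {
        foreach (preg_split('/\s+/', trim($line)) as $token) {
            // The first addr:port token on a line is the local address.
            if (preg_match('/:(\d+)$/', $token, $m)) {
                if ((int) $m[1] === $port) {
                    return true;
                }
                break;
            }
        }
    }
    return false;
}

// Constructed sample of `ss -lun` output so the filter runs offline.
$sample = "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
        . "UNCONN 0      0            0.0.0.0:2055      0.0.0.0:*\n"
        . "UNCONN 0      0               [::]:514          [::]:*\n";

var_dump(port_in_listing($sample, validate_port('2055')));
var_dump(port_in_listing($sample, 9995));
var_dump(validate_port('2055;x'));   // non-integer input is rejected before any process starts
```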